4465 matches found
CVE-2024-8362
CVE-2024-8362 affects Google Chrome/Chromium WebAudio: a use-after-free in WebAudio leads to potential heap corruption on crafted HTML pages. Affected product/component: Chromium/WebAudio in Chrome prior to 128.0.6613.119. Root cause: use-after-free in WebAudio paths. Impact per sources: remote a...
CVE-2024-3834
Concrete details found: CVE-2024-3834 affects Google Chrome/Chromium, describing a Use-after-Free in the Downloads component that could enable heap corruption via a crafted HTML page. Affected versions are prior to 124.0.6367.60. The issue has been addressed in newer Chromium/Chrome updates (e.g....
CVE-2023-1234
CVE-2023-1234 affects Google Chrome on Android prior to 111.0.5563.64, due to an inappropriate implementation in Intents that enables domain spoofing via a crafted HTML page. The CVSS v3.1 base score is 4.3 (Medium). Public details in connected sources include PoC/exploit repositories related to ...
CVE-2024-8033
The CVE-2024-8033 issue affects Chromium-based Google Chrome (Windows) through an Inappropriate implementation in WebApp Installs that could allow UI spoofing via a crafted HTML page before the 128.0.6613.84 update. Connected advisories confirm this CVE is among the Chrome/Chromium security fixes...
CVE-2024-7978
CVE-2024-7978 is a Chrome/Chromium vulnerability: Insufficient policy enforcement in Data Transfer allowed cross-origin data leakage via a crafted HTML page when a user engages specific UI gestures. Affected product: Google Chrome/Chromium-based browsers. Root cause: insufficient policy enforceme...
CVE-2024-3159
CVE-2024-3159 affects Google Chrome/Chromium’s V8 engine. It is an out-of-bounds memory access vulnerability that could allow a remote attacker to perform arbitrary read/write via a crafted HTML page. The flaw exists in Chrome/Chromium versions prior to 123.0.6312.105 and is addressed by updating...
CVE-2019-5785
CVE-2019-5785: An integer overflow in Skia led to potential arbitrary code execution via a crafted HTML page. Affected products include Google Chrome (Skia) prior to 72.0.3626.81 and Mozilla components used by Thunderbird/Firefox (e.g., Skia in Thunderbird before 60.5.1). Mitigation: patch Chrome...
CVE-2024-7975
CVE-2024-7975 corresponds to an Inappropriate implementation in Permissions in Google Chrome/Chromium, enabling UI spoofing via a crafted HTML page. The connected sources confirm the issue affects Chrome/Chromium prior to version 128.0.6613.84, with Medium severity (CVSS 4.3). Debian security adv...
CVE-2024-7965
CVE-2024-7965 affects Google Chrome’s V8 engine (Chromium) with an inappropriate implementation vulnerability that allows remote heap corruption via a crafted HTML page. Impact is High (CVE entry notes potential exploitation, with network attack vector and user interaction required). Affected sof...
CVE-2023-5346
CVE-2023-5346 affects Google Chrome/Chromium’s V8 engine prior to 117.0.5938.149. A type confusion in V8 could allow a remote attacker to trigger heap corruption via a crafted HTML page, with high severity (CVSS 3.1: 8.8, network attack vector, user interaction required). Affected component is Ch...
CVE-2024-3838
CVE-2024-3838 affects Google Chrome/Chromium Autofill: an inappropriate Autofill implementation allowed UI spoofing via a crafted app, when a user is lured to install malware. The issue exists in Chrome prior to 124.0.6367.60; remediation is to upgrade to 124.0.6367.60 or newer. Exploitation deta...
CVE-2024-11395
CVE-2024-11395 is a type confusion vulnerability in V8 (Chrome/Chromium) that enables potential heap corruption via a crafted HTML page. Public docs identify affected product families as Google Chrome/Chromium and report impact as high. The Debian security advisory confirms fixes in Chromium 131....
CVE-2025-6555
CVE-2025-6555 affects Google Chrome (Chromium-based) and its Animation component. The vulnerability is described as a use-after-free leading to potential heap corruption via a crafted HTML page. Chromium/chrome advisories indicate the fix is included in Chrome 138.0.7204.49 (Linux/Windows/macOS),...
CVE-2024-6100
Summary: CVE-2024-6100 is a type confusion in V8 affecting Google Chrome/Chromium prior to 126.0.6478.114, enabling a remote attacker to execute arbitrary code via a crafted HTML page. The issue is rooted in V8's type handling, with an attack vector over the network and a required user interactio...
CVE-2024-3156
CVE-2024-3156 affects Chromium/Google Chrome via an inappropriate implementation in V8, allowing remote memory-out-of-bounds access through a crafted HTML page on versions prior to 123.0.6312.105. Debian security advisory confirms the fix is in chromium 123.0.6312.105-1~deb12u1 for stable (bookwo...
CVE-2024-9602
CVE-2024-9602 affects Chromium/Google Chrome's V8 engine. A type confusion in V8 allows a remote attacker to trigger an out-of-bounds memory write via a crafted HTML page on Chrome/Chromium builds older than 129.0.6668.100. Impact is high as per CVSS, with potential for arbitrary code execution o...
CVE-2024-3158
CVE-2024-3158 (Chromium/Google Chrome): Use-after-free in Bookmarks handling can lead to heap corruption via a crafted HTML page in Chrome/Chromium before version 123.0.6312.105. A remote attacker could potentially exploit this vulnerability. Affected software/version info in sources shows patche...
CVE-2024-8904
CVE-2024-8904: Type Confusion in V8 affecting Google Chrome’s Chromium-based stack prior to 129.0.6668.58, enabling potential heap corruption via a crafted HTML page. Connected sources confirm this impacts Chrome/V8 and Chromium builds; Debian and Linux distributions report fixes in 129.0.6668.58...
CVE-2023-5485
CVE-2023-5485 affects Google Chrome/Chromium: an inappropriate Autofill implementation prior to 118.0.5993.70 allows a remote attacker to bypass Autofill restrictions via a crafted HTML page. The vulnerability is characterized with a Low Chromium security severity and a Medium CVSS v3.1 base scor...
CVE-2025-0434
CVE-2025-0434 describes an out-of-bounds memory access in V8 (Google Chrome/Chromium) prior to version 132.0.6834.83, potentially enabling heap corruption via a crafted HTML page and a remote attack. Mitigation: update to Chrome/Chromium 132.0.6834.83 or later; Debian security advisory confirms t...
CVE-2024-3837
CVE-2024-3837 is a Chrome/Chromium vulnerability described as a use-after-free in QUIC that could allow heap corruption when a renderer process is compromised. Affected software is Google Chrome/Chromium prior to version 124.0.6367.60. The underlying issue is triggered by crafted HTML pages, with...
CVE-2024-2173
CVE-2024-2173 is an out-of-bounds memory access vulnerability in V8 used by Google Chrome/Chromium, with the affected public fix version 122.0.6261.111. Multiple connected sources (Chromium/Chrome release notes, Fedora/Debian security updates, and FreeBSD electron references) confirm the issue an...
CVE-2024-2174
CVE-2024-2174 affects Chromium/Google Chrome’s V8 engine. An inappropriate implementation in V8 allowed heap corruption via a crafted HTML page, enabling a remote attacker to potentially exploit it. Impact is described as high (C/H/I/A). Affected version is prior to 122.0.6261.111; Chrome/Chromiu...
CVE-2024-5158
CVE-2024-5158 is a type confusion in V8 in Google Chrome prior to 125.0.6422.76, allowing a remote attacker to potentially perform arbitrary read/write via a crafted HTML page. The vulnerability is documented across multiple sources and mitigations indicate upgrading to Chrome 125.0.6422.76 (stab...
CVE-2024-12381
CVE-2024-12381 is a type confusion vulnerability in V8 for Google Chrome before 131.0.6778.139 that could allow a remote attacker to cause heap corruption via a crafted HTML page. The connected release notes confirm the flaw and assign high severity; Debian security advisory also references the i...
CVE-2024-3847
CVE-2024-3847 affects Chromium-based WebUI components (Chrome/Chromium) and is caused by Insufficient policy enforcement in WebUI, enabling a remote attacker to bypass the Content Security Policy via a crafted HTML page. Publicly discussed in ChromeOS/Chromium advisories and Debian security notic...
CVE-2025-2476
Use-after-free in Lens within Google Chrome (Chromium) up to version 134.0.6998.117 can allow a remote attacker to trigger heap corruption via a crafted HTML page. Affected component: Lens in Chrome/Chromium; root cause: use-after-free. Impact per provided sources: potential arbitrary code execut...
CVE-2026-2323
The CVE-2026-2323 issue affects Google Chrome/Chromium, stemming from an inappropriate implementation in the Downloads component. This allowed a remote attacker to perform UI spoofing via a crafted HTML page. The vulnerability is tied to Chrome/Chromium builds before version 145.0.7632.45; upgrad...
CVE-2019-13751
CVE-2019-13751 is a SQLite-related information disclosure in Google Chrome/Chromium. The issue arises from an uninitialized value in the SQLite library, exploited via a crafted HTML page to read potentially sensitive data from the process memory. Publicly documented fixes are included in Chromium...
CVE-2019-5782
CVE-2019-5782 is a Chrome/V8 vulnerability in TurboFan’s typer module where an incorrect type inference for arguments.length causes BCE to elide a bounds check, enabling out-of-bounds access and, per the Connected documents, reliable code execution. The CVE targeted Chrome versions around 63–72, ...
CVE-2021-30588
The CVE-2021-30588 entry maps to a Chrome/Chromium V8 issue, where a type confusion in V8 prior to 92.0.4515.107 could allow a remote attacker to trigger heap corruption via a crafted HTML page, potentially enabling arbitrary code execution or content spoofing. Connected advisories corroborate th...
CVE-2024-3841
CVE-2024-3841 affects Google Chrome/Chromium where the Browser Switcher failed data validation, allowing a remote attacker to inject scripts/HTML into a privileged page via a malicious file. Connected sources confirm the issue in Chromium/Chrome and note remediation via updated builds. Debian sec...
CVE-2024-6990
CVE-2024-6990 concerns Google Chrome on Android (Dawn) with uninitialized use, allowing potential out-of-bounds memory access via a crafted HTML page. Affected component: Dawn in Chromium-based Chrome; root cause per sources is uninitialized use. Impact as described: potential remote code executi...
CVE-2024-5830
CVE-2024-5830 is a Type Confusion in V8 affecting Google Chrome/Chromium prior to 126.0.6478.54. A remote attacker could trigger an out-of-bounds memory write via a crafted HTML page. Impact is High (C/H/I/A). Mitigations: update to Chrome 126.0.6478.54 or newer; Debian security advisory shows fi...
CVE-2024-7970
CVE-2024-7970: Out-of-bounds write in V8 used by Google Chrome prior to 128.0.6613.119 can allow a remote attacker to potentially cause heap corruption via a crafted HTML page. Affected component is Chrome/Chromium’s V8 engine; impact is high (remote code execution/compromise of confidentiality, ...
CVE-2024-4950
CVE-2024-4950 pertains to Chromium/Google Chrome prior to 125.0.6422.60, where an inappropriate implementation in Downloads could let a remote attacker lure a user into specific UI gestures to spoof UI via a crafted HTML page. Affected products are Chrome/Chromium browsers; the underlying issue i...
CVE-2025-0444
CVE-2025-0444 is a use-after-free in Skia within Google Chrome before version 133.0.6943.53, leading to potential heap corruption via a crafted HTML page. The issue is acknowledged as High severity; Chrome fixed it in the 133.0.6943.53 release, and Debian security advisories also reference the fi...
CVE-2021-30513
CVE-2021-30513 corresponds to a type confusion in V8 of the Chromium browser (pre-90.0.4430.212). The issue affects Chromium/Chrome’s V8 engine and is described as a type confusion vulnerability in the JavaScript engine, potentially enabling heap-related corruption via crafted HTML pages. Connect...
CVE-2023-4430
CVE-2023-4430 is a use-after-free in Vulkan within Google Chrome/Chromium prior to 116.0.5845.110, enabling remote heap corruption via a crafted HTML page. Affected: Chrome/Chromium; root cause: use-after-free in Vulkan handling. Impact: high (remote code execution risk, heap corruption). Remedia...
CVE-2024-10827
CVE-2024-10827 affects Chromium/Google Chrome prior to version 130.0.6723.116. The issue is a use-after-free in Serial, enabling remote heap corruption via a crafted HTML page. The vulnerability is rated High severity (CVSS v3.1: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). Public advisories confirm a f...
CVE-2024-6772
CVE-2024-6772 affects Google Chrome/Chromium and is tied to the V8 engine. A crafted HTML page can trigger an out-of-bounds memory access, allowing a remote attacker to potentially achieve arbitrary behavior. Affected versions are Chrome/Chromium before 126.0.6478.182. Public docs in Debian/FreeB...
CVE-2019-13750
CVE-2019-13750 affects Google Chrome (Chromium) where the SQLite component used by Chrome allowed insufficient data validation, enabling a remote attacker to bypass defense-in-depth via a crafted HTML page. Affected product: Chrome/Chromium with the SQLite library integrated; root cause: data val...
CVE-2023-2937
CVE-2023-2937 is an issue in Google Chrome’s Picture-in-Picture (PiP) component where an insecure PiP implementation in Chrome/Chromium allowed a remote attacker with a compromised renderer to spoof the Omnibox (URL bar) via a crafted HTML page. The vulnerability is described as an Inappropriate ...
CVE-2024-3839
CVE-2024-3839 describes an out-of-bounds read in Fonts in Google Chrome/Chromium, allowing a remote attacker to potentialy read sensitive data from process memory via a crafted HTML page. Connected sources corroborate the issue across Chromium-based products (Astra Linux, Debian chromium security...
CVE-2024-4331
CVE-2024-4331 affects Chromium-based browsers (Google Chrome/Chromium) with use-after-free in Picture-in-Picture prior to 124.0.6367.118. The vulnerability could allow a remote attacker to induce heap corruption via a crafted HTML page, with high impact across confidentiality, integrity, and avai...
CVE-2024-4948
CVE-2024-4948 affects Chromium-based Google Chrome, specifically the Dawn WebGPU component, with.a Use-After-Free in Dawn leading to potential heap corruption when presented with a crafted HTML page. Reports in multiple sources (Debian security advisory, Fedora/Chromium updates, and related Chrom...
CVE-2020-6405
CVE-2020-6405 is an out-of-bounds read in the SQLite component of Chromium-based Chrome prior to 80.0.3987.87, enabling a remote attacker to disclose potentially sensitive information from process memory via a crafted HTML page. Affected: Chrome/Chromium with SQLite. Impact: information disclosur...
CVE-2022-2603
The CVE-2022-2603 entry describes a use-after-free in Chrome/Chromium’s Omnibox that could allow a remote attacker to trigger heap corruption via a crafted HTML page. Affected software is Google Chrome/Chromium (prior to version 104.0.5112.79). The vulnerability’s impact is described as possible ...
CVE-2025-0438
CVE-2025-0438 corresponds to a stack buffer overflow in Chrome/Chromium tracing code that could enable remote exploitation via a crafted HTML page. Affected software is Google Chrome (Chromium-based); impact is high per sources. Remediation across provided documents includes updating to Chromium/...
CVE-2024-3840
CVE-2024-3840 affects Google Chrome/Chromium where insufficient policy enforcement in Site Isolation could allow a remote attacker to bypass navigation restrictions via a crafted HTML page. The issue is mitigated in Chrome/Chromium 124.0.6367.60 (and newer); Debian security advisory lists 124.0.6...